Orthanc behind IIS+SSL certificate

Hi folks.

I am having a play with Orthanc 1.0 on Windows Server 2012 R2, and am wanting to ensure that it is set up using SSL from the get-go.

I am a newbie when it comes to DICOM, PACS, or Orthanc and would appreciate some advice/information from those that have gone before me :slight_smile:

Does anyone know if there is a guide for using Orthanc for Windows behind IIS?

If not, I assume I will have to use IIS as a reverse proxy bound to an SSL certificate on whatever port I decide on (probably 443) to port 8042 of the Orthanc instance (port 443 would be allowed through the firewall, port 8042 would be blocked).

Am I correct? Has anyone that has already done this got a web.config they would be willing to share?

Cheers,
Mark

Hello,

The relationship between IIS and Orthanc has been previously discussed in the Cornerstone discussion group:
https://groups.google.com/forum/#!topic/cornerstone-platform/FcxZLU4bL2U

Regarding HTTPS encryption, there is a FAQ entry inside the Orthanc Book:
https://orthanc.chu.ulg.ac.be/book/faq/https.html

HTH,
SĂ©bastien-

Hi SĂ©bastien, thanks for the reply.

I had read that FAQ and the thread already without feeling any the wiser :slight_smile:

I’m hoping someone has gone through setting this up in IIS and has a web.config they can share from their reverse proxy setup (assuming that is required). Having fought through a similar issue with seafile recently I know this is going to be exceptionally painful without help.

Cheers,
Mark

OK, I unfortunately cannot provide any guidance by myself, as I do not have access to any Windows IIS server.

I hope someone else will be able to answer you.

Cheers,
SĂ©bastien-

No worries SĂ©bastien.

If they do I'm happy to write up a step-by-step guide :slight_smile:

Cheers,
Mark

Hi,
IIS is not my speciality, but here is a guide on how to use it as a reverse proxy : https://developers.coveo.com/display/public/SearchREST/Configuring+HTTPS+Reverse+Proxy+in+IIS

Tell me if it helped you :slight_smile:

Have a nice day !

Hi SĂ©bastien (and anyone else interested in a how-to).

For your documentation:

The steps to use to hide Orthanc behind IIS in Windows are as below. IIS is also available as a feature you can enable via the Programs and Features in non Server versions of Windows.

Add Application Request Routing 3.0.
Add URL Rewrite module 2.
In IIS Manager bind an SSL certificate to port 443 on the default web site being used for Orthanc.
Add the following web.config at the root of the default website:

<?xml version="1.0" encoding="UTF-8"?>

In IIS Manager Open Application Request Routing Cache click on Server Proxy Settings on the right side of the window, change the Time-out to a much higher value. eg., 3600 = 1 hour to ensure download of DICOMDIR or ZIP’s doesn’t time out.

To allow user authentication against an Active Directory group add the following directly after in the above web.config, grant the appropriate Active Directory group read permission on the wwwroot folder:

<system.web>

</system.web>

You also need to make sure registered users is empty in the Orthanc Configuration.json file:

“RegisteredUsers” : { },

I think that is everything.

Cheers,
Mark

Hi Mark,

For your documentation:
The steps to use to hide Orthanc behind IIS in Windows are as below. […]

Great! Many thanks for sharing such a useful piece of information :slight_smile:

I have just copied your instructions to the FAQ section of the Orthanc Book:
https://orthanc.chu.ulg.ac.be/book/faq/iis.html

Regards,
SĂ©bastien-

Orthanc is a really nice project. You’ve done a lot of great work and I would love to use what you have built here.

So I worked on doing this for weeks a few years ago, and having learned about a little more about CORS I thought I would give it another try. Unfortunately I’m not a networking expert, so I’ve been struggling with these instructions. Whatever I’ve done so far doesn’t seem to work, it just seems to hang, but I’m sure I don’t have it set up properly.

Can you tell me what I should do if I already have a Web API on port 443? I tried to put the web.config code above into the existing code and it breaks the site. I tried to use another port and the calls just hang.